Tagged Questions

The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. ...

My goal is to allow two clients to send files securely over an untrusted network without the need for more than one block of information to be sent. Both clients have ECDSA keys of size 256 bits. I'd ...

All the articles I read on the web about DSA keep telling me that the size of the hash needs to be truncated so that the bit length is equal to or lesser than the bit length of the prime number of the ...

So if I use secp256k1 for example, I've got my key size of 256 bit, and say I sign a SHA256 hash of a message, with size 256 bit, I get an output of size 512bit.
Why is there a difference between the ...

Where should I look at in Bitcoin Core source code to figure out how the signature process trasform a message in a curve point?
To sign a transaction (message) in Bitcoin system, you need to encode ...

I am doing the program of implementing ECDSA for which I am trying to solve the equation scenario. In ECDSA that signature generation algorithm which states as hash value from the SHA-1 and where $l$ ...

When dealing with Asymmetric cryptographic algorithms, usually the sender of the critical data asks the listener for a Public Key for encrypting the data and sending them. This is while the private ...

So I made my own serial key generation software, using ECDSA, for use in my own applications and it works great so far! To keep the serial key short enough I use a 128 bit EC curve. My final signature ...

In several public key algorithms, the person running the algorithm must generate a random number (that's separate from the key). Can this random number be the same for an encryption and a signature? ...

If I have a 256bit ECDSA public key how likely is it that the same public key will be generated by another person. Will it take on average 2^256 tries to generate same public key? If I xor the first ...

EdDSA calculates $s=(r+H(R\mathbin{\Vert}A\mathbin{\Vert}M)\cdot a)\bmod\ell$ and $r=H(h\mathbin{\Vert}M)$, with
$H$ being the hash function (SHA2/512);
$B$ being the generator;
$A$ being the public ...

I know that a cryptographically secure hashing algorithm is required for proper message signing (SHA-1, or I think SHA-2 is the current suggested algorithm). However, why does the hashing algorithm ...

Are there signatures that don't have subliminal channels and also don't require commitments or zero-knowledge proofs?
DSA or Shorr signatures need a nonce which can leak valuable information. There ...

I’m implementing the RFC 6979 procedure to compute a message signature. I want to test my program on the secp256k1 elliptic curve. Note the “k” in secp256k1, i.e. the Koblitz curve.
If you have the ...

In DSA, one needs to generate two primes $p$ and $q$ such that $q$ is $256$-bit and $p$ is $3072$-bit and $p-1$ is a multiple of $q$.
Question: How to generate such $p$ and $q$.
Attempt: First, use ...

I need to use ECDSA as the signing algorithm and SHA256 for hashing the message. I'm running into troubles verifying the signature calculated on two different platform (one is BouncyCastle, another ...

Here's an authentication scheme I had in mind that combines the simplicity of HTTP Digest Authentication and the security of real crypto primitives. I have in mind the user-level authentication, ie ...

Given a (bad) modification of DSA where the hash function is the identity ($H(m)=m$), I am now supposed to design an attack. So $(m, (r,s))$ are given and I should be able to create a legit signature ...

I have a question regarding the random $k$ number of ECDSA encryption. As far as I know, it is possible to retrieve $k$ (and thus the private key) from two signed messages if both used the same $k$. ...

I have a question regarding the random $k$ number of ECDSA encryption. As far as I know, it is possible to retrieve $k$ (and thus the private key) from two signed messages if both used the same $k$. ...

I’ve spent a couple of days researching the topic of creating a license system for my desktop software. While I fully understand that there’s no perfect copy protection, this approach seems to have ...

For our privacy-preserving protocol, an encrypted channel is established. In order to protect our system from man-in-the-middle attacks, signature-based approach is used. After we've implemented it ...

This question is a variant on Given a message and signature, find a public key that makes the signature valid, which discusses the analogous question for RSA. It was suggested to me by this post over ...